package com.day.crx.explorer.impl.j2ee;

import com.day.crx.security.token.TokenCookie;
import java.io.IOException;
import java.util.UUID;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.LoginException;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/explorer/impl/j2ee/LoginServlet.class */
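/**
 * Servlet that logs a user in to the repository and maintains the login cookies
 * (token cookie, {@code login-workspace}, {@code login-impersonate}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #doPost} follows the {@code redirect} request parameter after a
 *       successful login. The parameter is caller-controlled, so only targets
 *       without a scheme or authority are followed.</li>
 *   <li>{@link #login(CRXHttpServletRequest, HttpServletResponse)} honours the
 *       {@code login-impersonate} cookie and asks the repository to impersonate
 *       the user id it names. The cookie is client-supplied; the only check on
 *       it is the one performed by {@link Session#impersonate}.</li>
 * </ul>
 */
public class LoginServlet extends HttpServlet {
    private static final Logger log = LoggerFactory.getLogger(LoginServlet.class);
    public static final String PARAM_USER = "UserId";
    public static final String PARAM_PASS = "Password";
    public static final String PARAM_WORKSPACE = "Workspace";
    public static final String PARAM_TOKEN = ".token";
    public static final String PARAM_REDIRECT = "redirect";
    public static final String COOKIE_WORKSPACE = "login-workspace";
    public static final String COOKIE_IMPERSONATE = "login-impersonate";
    private static final String REPO_DESC_ID = "crx.repository.systemid";
    private static final String REPO_DESC_CLUSTER_ID = "crx.cluster.id";
    private static String repositoryId;

    /**
     * Determines the id that login tokens are bound to and stores it for later
     * cookie handling.
     *
     * <p>The cluster id descriptor is preferred, then the repository system id.
     * If neither is available a random UUID is used and the condition is logged
     * as an error.
     *
     * <p>The decompiler reports that this method was package-private in the
     * original class; it is kept public here so existing callers still compile.
     *
     * @param repository repository whose descriptors are read
     */
    public static void initRepositoryId(Repository repository) {
        String descriptor = repository.getDescriptor(REPO_DESC_CLUSTER_ID);
        if (descriptor == null) {
            descriptor = repository.getDescriptor(REPO_DESC_ID);
        }
        if (descriptor == null) {
            descriptor = UUID.randomUUID().toString();
            log.error("activate: Failure to acquire unique ID for this token authenticator. Using random UUID {}", descriptor);
        }
        repositoryId = descriptor;
        log.info("activate: Supporting tokens bound to Repository (Cluster) {}", repositoryId);
    }

    /** Returns the id set by {@link #initRepositoryId}, or {@code null} if it was never called. */
    private static String getRepositoryId() {
        return repositoryId;
    }

    /**
     * Returns whether a post-login redirect target stays on this site.
     *
     * <p>A target is rejected when it is empty, starts with {@code //}
     * (protocol-relative), contains a backslash or a control character, or has
     * a {@code :} before the first {@code /}, {@code ?} or {@code #} (that is,
     * it carries a URI scheme). Absolute and relative paths are accepted.
     *
     * @param target value of the {@code redirect} parameter, not {@code null}
     * @return {@code true} if the target has no scheme and no authority part
     */
    private static boolean isLocalRedirect(String target) {
        if (target.isEmpty() || target.startsWith("//")) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Backslashes are treated like slashes by some user agents; control
            // characters have no place in a redirect target.
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return false;
            }
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '/' || c == '?' || c == '#') {
                break; // path, query or fragment has begun: no scheme present
            }
            if (c == ':') {
                return false;
            }
        }
        return true;
    }

    /**
     * Handles a login request: authenticates, sets the login cookies and
     * optionally redirects to the {@code redirect} parameter.
     *
     * <p>Responses: 401 if no session was obtained, 404 if the workspace does
     * not exist, 403 if authentication failed. Any other repository failure is
     * rethrown as a {@link ServletException}. The session obtained for the
     * login is always logged out before the method returns.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response that receives cookies, errors or the redirect
     * @throws ServletException if the repository fails for a reason other than
     *         a missing workspace or failed authentication
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        CRXHttpServletRequest crxRequest = httpServletRequest instanceof CRXHttpServletRequest
                ? (CRXHttpServletRequest) httpServletRequest
                : new CRXHttpServletRequest(CRXContext.getInstance(getServletConfig().getServletContext(), httpServletRequest, true));
        Session session = null;
        try {
            session = login(crxRequest, httpServletResponse);
            if (session == null) {
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            } else {
                setLoginCookies(session, httpServletRequest, httpServletResponse);
                String redirect = crxRequest.getParameter(PARAM_REDIRECT);
                if (redirect != null) {
                    // The redirect parameter is caller-controlled. Following it
                    // unchecked would let a crafted login link send a freshly
                    // authenticated user to an arbitrary external site.
                    if (isLocalRedirect(redirect)) {
                        httpServletResponse.sendRedirect(redirect);
                    } else {
                        log.warn("doPost: ignoring non-local redirect target '{}'", Text.escape(redirect));
                    }
                }
            }
        } catch (NoSuchWorkspaceException e) {
            // Subclasses of RepositoryException must be caught before it; in the
            // decompiled order these handlers were unreachable.
            // NOTE(review): the exception message is echoed into the error
            // response; confirm the container's error page escapes it.
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "Login failed: " + e.getMessage());
        } catch (LoginException e) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Authentication failed: " + e.getMessage());
        } catch (RepositoryException e) {
            throw new ServletException(e);
        } finally {
            if (session != null) {
                session.logout();
            }
        }
    }

    /**
     * Logs in to the repository with the credentials found in the request and,
     * when a response is given, updates the token cookie.
     *
     * <p>If the request carries a {@code login-impersonate} cookie, the method
     * asks the repository to impersonate that user id. On success the original
     * session is logged out and the impersonated session is returned; if the
     * repository refuses with a {@link LoginException} the original session is
     * returned instead.
     *
     * @param cRXHttpServletRequest request carrying credentials, workspace and cookies
     * @param httpServletResponse response to update the token cookie on, or
     *        {@code null} to leave cookies untouched
     * @return the session to use; the caller is responsible for logging it out
     * @throws RepositoryException if the repository login or impersonation fails
     * @throws ServletException declared by the original signature
     */
    public static Session login(CRXHttpServletRequest cRXHttpServletRequest, HttpServletResponse httpServletResponse) throws RepositoryException, ServletException {
        // Declared as Credentials: the provider's result is also tested against
        // TokenCredentials below, which is not a SimpleCredentials.
        Credentials credentials = new CRXCredentialsProvider(BasicCredentialsProvider.GUEST_DEFAULT_HEADER_VALUE).getCredentials(cRXHttpServletRequest);
        Session session = cRXHttpServletRequest.getCtx().getRepository().login(credentials, getWorkspaceName(cRXHttpServletRequest));
        boolean handedOver = false;
        try {
            if (log.isDebugEnabled()) {
                log.debug("User '{}' logged in. Workspace={}", session.getUserID(), session.getWorkspace().getName());
            }
            if (httpServletResponse != null) {
                String token = null;
                if (credentials instanceof SimpleCredentials) {
                    Object attribute = ((SimpleCredentials) credentials).getAttribute(PARAM_TOKEN);
                    if (attribute != null) {
                        token = attribute.toString();
                    }
                } else if (credentials instanceof TokenCredentials) {
                    token = ((TokenCredentials) credentials).getToken();
                }
                if (token == null || token.length() <= 0) {
                    // No token came back from the login: update the cookie with null values.
                    TokenCookie.update(cRXHttpServletRequest, httpServletResponse, getRepositoryId(), (String) null, (String) null, false);
                } else {
                    TokenCookie.update(cRXHttpServletRequest, httpServletResponse, getRepositoryId(), token, session.getWorkspace().getName(), false);
                }
            }
            String impersonateUser = TokenCookie.getCookie(cRXHttpServletRequest, COOKIE_IMPERSONATE);
            if (impersonateUser != null) {
                // The user id comes from a client-supplied cookie. Nothing in this
                // class checks it; whether the switch is allowed is decided
                // entirely by Session.impersonate().
                try {
                    Session impersonated = session.impersonate(new SimpleCredentials(impersonateUser, new char[0]));
                    // NOTE(review): a successful impersonation is logged at ERROR.
                    // Level left unchanged so the record is not lost under a
                    // restrictive log configuration; confirm that is intended.
                    log.error("Impersonated {} to {}.", session.getUserID(), impersonateUser);
                    session.logout();
                    session = impersonated;
                } catch (LoginException e) {
                    log.error("Impersonation to {} failed. Using original session: {}", impersonateUser, e.toString());
                }
            }
            handedOver = true;
            return session;
        } finally {
            // Do not leak the repository session if anything above failed.
            if (!handedOver && session != null) {
                session.logout();
            }
        }
    }

    /**
     * Convenience overload that takes the request from a {@link CRXContext}.
     *
     * @param cRXContext context whose request is used, wrapped if necessary
     * @param httpServletResponse response to update the token cookie on, or {@code null}
     * @return the session to use; the caller is responsible for logging it out
     * @throws RepositoryException if the repository login or impersonation fails
     * @throws ServletException declared by the original signature
     */
    public static Session login(CRXContext cRXContext, HttpServletResponse httpServletResponse) throws RepositoryException, ServletException {
        CRXHttpServletRequest request = cRXContext.getRequest() instanceof CRXHttpServletRequest
                ? (CRXHttpServletRequest) cRXContext.getRequest()
                : new CRXHttpServletRequest(cRXContext);
        return login(request, httpServletResponse);
    }

    /**
     * Resolves the workspace to log in to.
     *
     * <p>The {@code Workspace} request parameter wins. If it is absent, the
     * workspace stored in the cookies is used. If it is present but equal to
     * {@code BasicCredentialsProvider.EMPTY_DEFAULT_HEADER_VALUE}, {@code null}
     * is returned.
     *
     * @param httpServletRequest request to inspect
     * @return workspace name, or {@code null} if none was determined
     */
    public static String getWorkspaceName(HttpServletRequest httpServletRequest) {
        String workspace = httpServletRequest.getParameter(PARAM_WORKSPACE);
        if (workspace == null) {
            return getWorkspaceFromCookies(httpServletRequest);
        }
        if (BasicCredentialsProvider.EMPTY_DEFAULT_HEADER_VALUE.equals(workspace)) {
            return null;
        }
        return workspace;
    }

    /**
     * Reads the workspace name from the token cookie, falling back to the
     * {@code login-workspace} cookie.
     *
     * @param httpServletRequest request whose cookies are read
     * @return workspace name, or {@code null} if neither cookie provides one
     */
    public static String getWorkspaceFromCookies(HttpServletRequest httpServletRequest) {
        String workspace = TokenCookie.getTokenInfo(httpServletRequest, getRepositoryId()).workspace;
        if (workspace == null) {
            workspace = TokenCookie.getCookie(httpServletRequest, COOKIE_WORKSPACE);
        }
        return workspace;
    }

    /**
     * Reads the login token for this repository id from the token cookie.
     *
     * @param httpServletRequest request whose cookies are read
     * @return the {@code token} field of the token info
     */
    public static String getLoginTokenFromCookies(HttpServletRequest httpServletRequest) {
        return TokenCookie.getTokenInfo(httpServletRequest, getRepositoryId()).token;
    }

    /**
     * Sets or clears the login cookies on the response.
     *
     * <p>With a session, the {@code login-workspace} cookie is set to the
     * session's workspace name. Without one, the token cookie is updated with
     * null values and {@code login-workspace} is set to the empty default
     * value. In both cases {@code login-impersonate} is set to the empty
     * default value.
     *
     * <p>NOTE(review): the integer argument (0 or -1) is presumably the cookie
     * max-age and the boolean before {@code isSecure()} presumably the HttpOnly
     * flag, passed as {@code false}; confirm both against {@code TokenCookie}.
     *
     * @param session current session, or {@code null} to clear the login state
     * @param httpServletRequest request supplying context path and secure flag
     * @param httpServletResponse response that receives the cookies
     */
    public static void setLoginCookies(Session session, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath == null || contextPath.length() == 0) {
            contextPath = "/";
        }
        boolean secure = httpServletRequest.isSecure();
        if (session == null) {
            TokenCookie.update(httpServletRequest, httpServletResponse, getRepositoryId(), (String) null, (String) null, false);
            TokenCookie.setCookie(httpServletResponse, COOKIE_WORKSPACE, BasicCredentialsProvider.EMPTY_DEFAULT_HEADER_VALUE, 0, contextPath, (String) null, false, secure);
        } else {
            TokenCookie.setCookie(httpServletResponse, COOKIE_WORKSPACE, session.getWorkspace().getName(), -1, contextPath, (String) null, false, secure);
        }
        TokenCookie.setCookie(httpServletResponse, COOKIE_IMPERSONATE, BasicCredentialsProvider.EMPTY_DEFAULT_HEADER_VALUE, 0, contextPath, (String) null, false, secure);
    }

    /**
     * Stores the session's user id in the {@code login-impersonate} cookie.
     * Does nothing when {@code session} is {@code null}.
     *
     * <p>The value written here is what
     * {@link #login(CRXHttpServletRequest, HttpServletResponse)} later reads
     * back from the client, so it must be treated as untrusted on the way in.
     *
     * @param session session whose user id is stored, may be {@code null}
     * @param httpServletRequest request supplying context path and secure flag
     * @param httpServletResponse response that receives the cookie
     */
    public static void setImpersonationCookie(Session session, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (session == null) {
            return;
        }
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath == null || contextPath.length() == 0) {
            contextPath = "/";
        }
        TokenCookie.setCookie(httpServletResponse, COOKIE_IMPERSONATE, session.getUserID(), -1, contextPath, (String) null, false, httpServletRequest.isSecure());
    }

    /**
     * Redirects to the login page unless the request already has a live session.
     *
     * <p>The redirect carries an {@code error} message and a {@code redirect}
     * parameter holding the current request URI, both escaped with
     * {@code Text.escape}.
     *
     * @param cRXHttpServletRequest current request
     * @param cRXHttpServletResponse response that receives the redirect
     * @return {@code false} if a live session exists and nothing was sent,
     *         {@code true} if the redirect to the login page was sent
     * @throws IOException if sending the redirect fails
     */
    public static boolean redirectToLogin(CRXHttpServletRequest cRXHttpServletRequest, CRXHttpServletResponse cRXHttpServletResponse) throws IOException {
        Session jcrSession = cRXHttpServletRequest.getJcrSession();
        if (jcrSession != null && jcrSession.isLive()) {
            return false;
        }
        Credentials credentials = null;
        try {
            credentials = new CRXCredentialsProvider(BasicCredentialsProvider.GUEST_DEFAULT_HEADER_VALUE).getCredentials(cRXHttpServletRequest);
        } catch (Exception e) {
            // Best effort: the credentials only select the message shown on the
            // login page, so a failure is recorded and treated as "no credentials".
            log.debug("redirectToLogin: could not read credentials from request", e);
        }
        boolean anonymous = credentials == null || credentials instanceof GuestCredentials;
        String message = anonymous ? "Anonymous access not allowed. Please login." : "Your CRX session has expired. Please login again.";
        cRXHttpServletResponse.sendRedirect(cRXHttpServletRequest.getContextPath() + "/login.jsp?error=" + Text.escape(message) + "&redirect=" + Text.escape(cRXHttpServletRequest.getRequestURI()));
        return true;
    }
}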
